Combating Threats with Workstation Configuration Management
•Als PPTX, PDF herunterladen•
1 gefällt mir•527 views
In this presentation, Randy Franklin Smith from Ultimate Windows Security, stands up for group policy as the “right” way to configure the bulk of workstation security settings. But for endpoint configuration management to be secure, efficient and compliant, group policy is only part of the answer. Randy will discuss the need for status visibility and reporting. In addition, there are many areas that group policy does not address; he will provide multiple examples of commands and configuration tweaks commonly required to secure endpoints for which there’s no corresponding settings within group policy.
Empfohlen
Empfohlen
Weitere ähnliche Inhalte
Was ist angesagt?
Was ist angesagt? (20)
Ähnlich wie Combating Threats with Workstation Configuration Management
Ähnlich wie Combating Threats with Workstation Configuration Management (20)
Mehr von Lumension
Mehr von Lumension (20)
Kürzlich hochgeladen
Kürzlich hochgeladen (20)
Combating Threats with Workstation Configuration Management
- 1. Combating Threats with Workstation Configuration Management Made possible by: © 2011 Monterey Technology Group Inc.
- 2. Brought to you by www.lumension.com Speaker Russ Ernst & Rene Gonzalez
- 3. Preview of Key Points Poll Business drivers Key technical issues Workstation security is different than server security Group policy • Where it works • Where it stops Configuration management is only one piece of endpoint security © 2011 Monterey Technology Group Inc.
- 4. Business Drivers Compliance mandates Workstations focus of today's threats © 2011 Monterey Technology Group Inc.
- 5. Business driver: compliance mandates Federal Desktop Core Configuration Office of Management and Budget M-06-16 Mandate Payment Card Industry Data Security Standard © 2011 Monterey Technology Group Inc.
- 6. Business driver: endpoint focus of today’s threats Workstation re-emerged as the weak link Workstation initial, tactical target Endpoints are especially vulnerable Compromised endpoint provides a beach- head © 2011 Monterey Technology Group Inc.
- 7. Business driver: endpoint focus of today’s threats Workstation re-emerged as the weak link Workstation initial, tactical target Endpoints are especially vulnerable Compromised endpoint provides a beach- head © 2011 Monterey Technology Group Inc.
- 8. Business driver: endpoint focus of today’s threats Workstation re-emerged as the weak link Workstation initial, tactical target Endpoints are especially vulnerable Compromised endpoint provides a beach- head © 2011 Monterey Technology Group Inc.
- 9. Key Technical Issues Lingering misconception that workstations are not as important to security as servers are • Workstations are in fact a critical part of the overall trusted computing base within an organization just like servers, storage devices and routers © 2011 Monterey Technology Group Inc.
- 10. Key Technical Issues Workstation security is different than server security Server security is about • Network intrusion • Access control Workstation security more about • Interactive GUI usage • Non technical end user behavior • Malicious content being parsed and processed • Physical security © 2011 Monterey Technology Group Inc.
- 11. Key Technical Issues Configuration management is the foundation of endpoint security All other endpoint security technologies can be compromised or circumvented if the operating system itself is insecure Application Encryption Patch AV etc Whitelisting Operating System © 2011 Monterey Technology Group Inc.
- 12. Group Policy: An Important Part of the Solution Where it works Where it stops © 2011 Monterey Technology Group Inc.
- 13. Where Group Policy Works Core configuration No brainer Don’t use anything else Understand how to scope group policy with groups instead of OUs Use the Results Wizard to double check Use import/export for change management Use auditing to monitor for changes in group policy © 2011 Monterey Technology Group Inc.
- 14. Where Group Policy Stops 1. Unsupported Security Settings 2. Managed Execution of Custom Scripts 3. Visibility and Reporting © 2011 Monterey Technology Group Inc.
- 15. 1. Unsupported Security Settings Password filters Application settings BIOS configuration “Preferences” © 2011 Monterey Technology Group Inc.
- 16. 2. Managed Execution of Custom Scripts Lots of things that can only be configured from the command line BitLocker, TPM, some advanced audit policies Logon and Startup scripts How to run only once? Did it run? When will it run? © 2011 Monterey Technology Group Inc.
- 17. 3. Visibility and Reporting Is group policy broken? Is it being applied as expected? Even Group Policy Modeling Wizard operates under some assumptions Results Wizard only shows one computer? © 2011 Monterey Technology Group Inc.
- 18. Bottom Line Endpoint security should be priority one for most infosec organizations today Workstation configuration management is the foundation Group policy only part of the solution Endpoint security includes so many more pieces on top of configuration management Comprehensive, unified solution needed © 2011 Monterey Technology Group Inc.
- 19. Lumension® Endpoint Management and Security Suite 6 – Relating Risk to the Business 19 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
- 20. Brought to you by www.lumension.com Speaker Russ Ernst & Rene Gonzalez